Exemple #1
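        /// <summary>
        /// Acquires an access token by running the Visual Studio token provider processes for the requested scopes,
        /// inside a "VisualStudioCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="requestContext">The details of the authentication request; its scopes are converted to a single resource.</param>
        /// <param name="async">Forwarded to <c>RunProcessesAsync</c> to select asynchronous or synchronous execution.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The <see cref="AccessToken"/> produced by the token provider processes.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCredential.GetToken", requestContext);

            try
            {
                // NOTE(review): the entries read from this path decide which processes are started below;
                // presumably it points into the Visual Studio installation — confirm it is not writable by
                // lower-privileged users.
                var tokenProviderPath = GetTokenProviderPath();
                var tokenProviders    = GetTokenProviders(tokenProviderPath);

                var resource          = ScopeUtilities.ScopesToResource(requestContext.Scopes);
                var processStartInfos = GetProcessStartInfos(tokenProviders, resource, cancellationToken);

                if (processStartInfos.Count == 0)
                {
                    // Thrown inside the try on purpose: the generic handler below reports it on the scope.
                    throw new CredentialUnavailableException("No installed instance of Visual Studio was found");
                }

                AccessToken accessToken = await RunProcessesAsync(processStartInfos, async, cancellationToken).ConfigureAwait(false);

                // Report the success on the diagnostic scope; previously the token was returned directly,
                // so only failures of this credential ever reached the scope.
                return scope.Succeeded(accessToken);
            }
            catch (OperationCanceledException e)
            {
                // Cancellation is recorded on the scope and rethrown unchanged.
                scope.Failed(e);
                throw;
            }
            catch (Exception e)
            {
                throw scope.FailAndWrap(e);
            }
        }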
Exemple #2
        /// <summary>
        /// Gets a token from <c>_credential</c> when it is set, otherwise from <c>GetTokenFromSourcesAsync</c>,
        /// inside a "DefaultAzureCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">When true the credential's <c>GetTokenAsync</c> is awaited; when false its <c>GetToken</c> is called.</param>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The token after it has been reported to the scope as a success.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DefaultAzureCredential.GetToken", requestContext);

            try
            {
                if (_credential == null)
                {
                    AccessToken fromSources = await GetTokenFromSourcesAsync(async, requestContext, cancellationToken).ConfigureAwait(false);

                    return scope.Succeeded(fromSources);
                }

                AccessToken fromCredential;

                if (async)
                {
                    fromCredential = await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false);
                }
                else
                {
                    fromCredential = _credential.GetToken(requestContext, cancellationToken);
                }

                return scope.Succeeded(fromCredential);
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);
                throw;
            }
            catch (Exception failure) when (!(failure is CredentialUnavailableException))
            {
                // CredentialUnavailableException is excluded by the filter and propagates unwrapped.
                // NOTE(review): on that path nothing in this method marks the scope as failed — confirm intended.
                throw scope.FailAndWrap(new AuthenticationFailedException(UnhandledExceptionMessage, failure));
            }
        }
        /// <summary>
        /// Exchanges the credential stored by the VS Code adapter for an access token,
        /// inside a "VisualStudioCodeCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="async">Forwarded to <c>AcquireTokenByRefreshToken</c> to select asynchronous or synchronous execution.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> built from the client's result.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, bool async, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("VisualStudioCodeCredential.GetToken", requestContext);

            try
            {
                GetUserSettings(out var tenantSetting, out var environmentSetting);

                var cloud = GetAzureCloudInstance(environmentSetting);

                // The stored value is passed to the client as a refresh token; it is a secret and is kept
                // out of the exception message below.
                var storedSecret = _vscAdapter.GetCredentials(CredentialsSection, environmentSetting);

                // Only a base64url-shaped value is sent on; anything else is treated as "not signed in".
                if (IsBase64UrlString(storedSecret))
                {
                    var refreshed = await _client.AcquireTokenByRefreshToken(requestContext.Scopes, storedSecret, cloud, tenantSetting, async, cancellationToken).ConfigureAwait(false);

                    return scope.Succeeded(new AccessToken(refreshed.AccessToken, refreshed.ExpiresOn));
                }

                throw new CredentialUnavailableException("Need to re-authenticate user in VSCode Azure Account.");
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);
                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #4
        /// <summary>
        /// Delegates token acquisition to <c>_credential</c>, inside an "EnvironmentCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">When true <c>GetTokenAsync</c> is awaited; when false <c>GetToken</c> is called.</param>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The token after it has been reported to the scope as a success.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("EnvironmentCredential.GetToken", requestContext);

            // No underlying credential: fail before entering the try, so this exception is not
            // passed through FailAndWrap.
            if (_credential is null)
            {
                throw scope.Failed(new CredentialUnavailableException(UnavailbleErrorMessage));
            }

            try
            {
                AccessToken acquired;

                if (async)
                {
                    acquired = await _credential.GetTokenAsync(requestContext, cancellationToken).ConfigureAwait(false);
                }
                else
                {
                    acquired = _credential.GetToken(requestContext, cancellationToken);
                }

                return scope.Succeeded(acquired);
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
        /// <summary>
        /// Silently acquires a token for the account held in <c>_account</c>,
        /// inside a "SharedTokenCacheCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">When true the account task is awaited; when false it is blocked on. Also forwarded to the client.</param>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> built from the silent authentication result.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);

            try
            {
                IAccount cachedAccount;

                if (async)
                {
                    cachedAccount = await _account.Value.ConfigureAwait(false);
                }
                else
                {
#pragma warning disable AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
                    // Synchronous path: blocks the calling thread until the account lookup finishes.
                    cachedAccount = _account.Value.GetAwaiter().GetResult();
#pragma warning restore AZC0102 // Do not use GetAwaiter().GetResult(). Use the TaskExtensions.EnsureCompleted() extension method instead.
                }

                AuthenticationResult silentResult = await _client.AcquireTokenSilentAsync(requestContext.Scopes, cachedAccount, async, cancellationToken).ConfigureAwait(false);

                return scope.Succeeded(new AccessToken(silentResult.AccessToken, silentResult.ExpiresOn));
            }
            catch (MsalUiRequiredException)
            {
                // Interaction would be needed, which this credential does not do; reported as "unavailable".
                // The message embeds _username, so the account name ends up wherever this exception is logged.
                throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on."));
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);
                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
        /// <summary>
        /// Acquires a token silently for <c>_account</c> when one is set, and otherwise (or when the silent
        /// attempt needs user interaction) through the device code flow,
        /// inside a "DeviceCodeCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">Forwarded to the client and to <c>GetTokenViaDeviceCodeAsync</c>.</param>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The token after it has been reported to the scope as a success.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DeviceCodeCredential.GetToken", requestContext);

            try
            {
                if (_account != null)
                {
                    try
                    {
                        AuthenticationResult silentResult = await _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, async, cancellationToken).ConfigureAwait(false);

                        return scope.Succeeded(new AccessToken(silentResult.AccessToken, silentResult.ExpiresOn));
                    }
                    catch (MsalUiRequiredException)
                    {
                        // Silent acquisition needs interaction: fall through to the device code flow below.
                    }
                }

                // Reached when there is no account yet, or when the silent attempt required interaction.
                var deviceCodeToken = await GetTokenViaDeviceCodeAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false);

                return scope.Succeeded(deviceCodeToken);
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #7
        /// <summary>
        /// Obtains a token for a user account, authenticating them through the device code authentication flow.
        /// A silent acquisition for the stored account is tried first when there is one.
        /// This method is called by Azure SDK clients. It isn't intended for use in application code.
        /// </summary>
        /// <remarks>
        /// This synchronous overload blocks the calling thread on the underlying asynchronous calls
        /// via <c>GetAwaiter().GetResult()</c>.
        /// </remarks>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
        public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("DeviceCodeCredential.GetToken", requestContext);

            try
            {
                // No stored account: go straight to the device code flow.
                if (_account == null)
                {
                    var firstToken = GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult();

                    return scope.Succeeded(firstToken);
                }

                try
                {
                    AuthenticationResult silentResult = _client.AcquireTokenSilentAsync(requestContext.Scopes, _account, cancellationToken).GetAwaiter().GetResult();

                    return scope.Succeeded(new AccessToken(silentResult.AccessToken, silentResult.ExpiresOn));
                }
                catch (MsalUiRequiredException)
                {
                    // Silent acquisition needs interaction: repeat the device code flow.
                    var renewedToken = GetTokenViaDeviceCodeAsync(requestContext.Scopes, cancellationToken).GetAwaiter().GetResult();

                    return scope.Succeeded(renewedToken);
                }
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #8
        /// <summary>
        /// Silently acquires a token for the account held in <c>_account</c>,
        /// inside a "SharedTokenCacheCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> built from the silent authentication result.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("SharedTokenCacheCredential.GetToken", requestContext);

            try
            {
                IAccount cachedAccount = await _account.Value.ConfigureAwait(false);

                AuthenticationResult silentResult = await _client.AcquireTokenSilentAsync(requestContext.Scopes, cachedAccount, cancellationToken).ConfigureAwait(false);

                var token = new AccessToken(silentResult.AccessToken, silentResult.ExpiresOn);

                return scope.Succeeded(token);
            }
            catch (MsalUiRequiredException)
            {
                // Interaction would be needed, which this credential does not do; reported as "unavailable".
                // The message embeds _username, so the account name ends up wherever this exception is logged.
                throw scope.Failed(new CredentialUnavailableException($"{nameof(SharedTokenCacheCredential)} authentication unavailable. Token acquisition failed for user {_username}. Ensure that you have authenticated with a developer tool that supports Azure single sign on."));
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #9
        /// <summary>
        /// Obtains a token for a user account, authenticating them using the given username and password.  Note: This will fail with
        /// an <see cref="AuthenticationFailedException"/> if the specified user account has MFA enabled. This method is called by Azure SDK clients. It isn't intended for use in application code.
        /// </summary>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
        public override async ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("UsernamePasswordCredential.GetToken", requestContext);

            try
            {
                // The stored password is handed to the client on every call.
                AuthenticationResult passwordResult = await _client.AcquireTokenByUsernamePasswordAsync(requestContext.Scopes, _username, _password, cancellationToken).ConfigureAwait(false);

                var token = new AccessToken(passwordResult.AccessToken, passwordResult.ExpiresOn);

                return scope.Succeeded(token);
            }
            catch (Exception failure)
            {
                // NOTE(review): OperationCanceledException is not special-cased here, so cancellation
                // also goes through FailAndWrap — confirm that is intended.
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #10
        /// <summary>
        /// Obtains a token from the Azure Active Directory service, using the specified X509 certificate to authenticate. This method is called by Azure SDK clients. It isn't intended for use in application code.
        /// </summary>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
        public override AccessToken GetToken(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ClientCertificateCredential.GetToken", requestContext);

            try
            {
                var token = _client.Authenticate(TenantId, ClientId, ClientCertificate, requestContext.Scopes, cancellationToken);

                return scope.Succeeded(token);
            }
            catch (OperationCanceledException cancelled)
            {
                // Cancellation is recorded on the scope and rethrown unchanged.
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
        /// <summary>
        /// Obtains a token from the Azure Active Directory service, using the specified client secret to authenticate. This method is called by Azure SDK clients. It isn't intended for use in application code.
        /// </summary>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> which can be used to authenticate service client calls.</returns>
        public override async ValueTask<AccessToken> GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken = default)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ClientSecretCredential.GetToken", requestContext);

            try
            {
                // The client secret is handed to the client on every call.
                var token = await _client.AuthenticateAsync(TenantId, ClientId, ClientSecret, requestContext.Scopes, cancellationToken).ConfigureAwait(false);

                return scope.Succeeded(token);
            }
            catch (OperationCanceledException cancelled)
            {
                // Cancellation is recorded on the scope and rethrown unchanged.
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
        /// <summary>
        /// Requests an access token through <c>RequestCliAccessTokenAsync</c>,
        /// inside an "AzureCliCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">Forwarded to <c>RequestCliAccessTokenAsync</c> to select asynchronous or synchronous execution.</param>
        /// <param name="requestContext">The details of the authentication request; only its scopes are used.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The token after it has been reported to the scope as a success.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("AzureCliCredential.GetToken", requestContext);

            try
            {
                AccessToken cliToken = await RequestCliAccessTokenAsync(async, requestContext.Scopes, cancellationToken).ConfigureAwait(false);

                return scope.Succeeded(cliToken);
            }
            catch (OperationCanceledException cancelled)
            {
                // Cancellation is recorded on the scope and rethrown unchanged.
                scope.Failed(cancelled);
                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #13
        /// <summary>
        /// Authenticates through <c>_client</c> for the requested scopes,
        /// inside a "ManagedIdentityCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">When true <c>AuthenticateAsync</c> is awaited; when false <c>Authenticate</c> is called.</param>
        /// <param name="requestContext">The details of the authentication request; only its scopes are passed on.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The token after it has been reported to the scope as a success.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope("ManagedIdentityCredential.GetToken", requestContext);

            try
            {
                AccessToken identityToken;

                if (async)
                {
                    identityToken = await _client.AuthenticateAsync(requestContext.Scopes, cancellationToken).ConfigureAwait(false);
                }
                else
                {
                    identityToken = _client.Authenticate(requestContext.Scopes, cancellationToken);
                }

                return scope.Succeeded(identityToken);
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #14
        /// <summary>
        /// Runs the browser login for the requested scopes and returns the credential's <c>_record</c>,
        /// inside an "InteractiveBrowserCredential.Authenticate" diagnostic scope.
        /// </summary>
        /// <param name="async">Forwarded to <c>GetTokenViaBrowserLoginAsync</c> to select asynchronous or synchronous execution.</param>
        /// <param name="requestContext">The details of the authentication request; only its scopes are passed on.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The value of <c>_record</c> after the login completes.</returns>
        private async Task<AuthenticationRecord> AuthenticateImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(Authenticate)}", requestContext);

            try
            {
                var browserToken = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false);

                // The token is only reported to the scope; the caller gets the record, not the token.
                // NOTE(review): presumably _record is populated by the browser login call — confirm.
                scope.Succeeded(browserToken);

                return _record;
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
Exemple #15
        /// <summary>
        /// Acquires a token silently for <c>_record</c> when one is set, and otherwise through a browser login
        /// unless automatic authentication is disabled,
        /// inside an "InteractiveBrowserCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">Forwarded to the client and to <c>GetTokenViaBrowserLoginAsync</c>.</param>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>The token after it has been reported to the scope as a success.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(InteractiveBrowserCredential)}.{nameof(GetToken)}", requestContext);

            try
            {
                // Remembers why the silent attempt failed so it can be attached to the exception below.
                Exception silentFailure = null;

                if (_record != null)
                {
                    try
                    {
                        AuthenticationResult silentResult = await _client.AcquireTokenSilentAsync(requestContext.Scopes, (AuthenticationAccount)_record, async, cancellationToken).ConfigureAwait(false);

                        var silentToken = new AccessToken(silentResult.AccessToken, silentResult.ExpiresOn);

                        return scope.Succeeded(silentToken);
                    }
                    catch (MsalUiRequiredException uiRequired)
                    {
                        silentFailure = uiRequired;
                    }
                }

                // With automatic authentication disabled, no browser is opened from here; the caller is
                // told that interaction is required instead.
                if (_disableAutomaticAuthentication)
                {
                    throw new AuthenticationRequiredException(AuthenticationRequiredMessage, requestContext, silentFailure);
                }

                var browserToken = await GetTokenViaBrowserLoginAsync(requestContext.Scopes, async, cancellationToken).ConfigureAwait(false);

                return scope.Succeeded(browserToken);
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }
        /// <summary>
        /// Redeems the authorization code while <c>_record</c> is null and acquires tokens silently for
        /// <c>_record</c> afterwards, inside an "AuthorizationCodeCredential.GetToken" diagnostic scope.
        /// </summary>
        /// <param name="async">Forwarded to <c>ExecuteAsync</c> to select asynchronous or synchronous execution.</param>
        /// <param name="requestContext">The details of the authentication request.</param>
        /// <param name="cancellationToken">A <see cref="CancellationToken"/> controlling the request lifetime.</param>
        /// <returns>An <see cref="AccessToken"/> built from the authentication result.</returns>
        private async ValueTask<AccessToken> GetTokenImplAsync(bool async, TokenRequestContext requestContext, CancellationToken cancellationToken = default)
        {
            using CredentialDiagnosticScope scope = _pipeline.StartGetTokenScope($"{nameof(AuthorizationCodeCredential)}.{nameof(GetToken)}", requestContext);

            try
            {
                AuthenticationResult authResult;

                if (_record is null)
                {
                    // NOTE(review): _record is read and written here without synchronization; concurrent
                    // first calls could each try to redeem _authCode — confirm callers serialize.
                    authResult = await _confidentialClient.AcquireTokenByAuthorizationCode(requestContext.Scopes, _authCode).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);

                    // Keep the record so later calls take the silent branch instead of the code.
                    _record = new AuthenticationRecord(authResult);
                }
                else
                {
                    authResult = await _confidentialClient.AcquireTokenSilent(requestContext.Scopes, (AuthenticationAccount)_record).ExecuteAsync(async, cancellationToken).ConfigureAwait(false);
                }

                var token = new AccessToken(authResult.AccessToken, authResult.ExpiresOn);

                return scope.Succeeded(token);
            }
            catch (OperationCanceledException cancelled)
            {
                scope.Failed(cancelled);

                throw;
            }
            catch (Exception failure)
            {
                throw scope.FailAndWrap(failure);
            }
        }